By default, Symantec Encryption Desktop 10.4.1 MP1 and above will block email messages from being sent if PGP Tray is not running.
However, on systems with UEFI Secure Boot enabled running Encryption Desktop 10.4.2 MP1 and below, messages will not be blocked and this can result in messages that should be encrypted being sent unencrypted.
Note that in releases prior to 10.4.1 MP1 on systems without Secure Boot enabled, mail can be blocked if PGP Tray is not running by doing the following in the Encryption Management Server management console:
The blockMailIfInitFailed policy is dependent on the Windows AppInit_DLLs infrastructure. Secure Boot disables this mechanism.
Symantec Encryption Desktop 10.5 MP1 has the best performance related to this issue. Some fixes were included were included in Symantec Encryption Desktop 10.4.2 MP2, but Symantec recommends upgrading to 10.5 MP1 for best results.
In release 10.4.2 MP2 and above, the blockMailIfInitFailed policy is no longer dependent on the Windows AppInit_DLLs infrastructure.
Important Note: See article 190223 for more scenarios related to the PGP plugin and messaging service where mail may not be encrypting properly.